-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FluBot Android Spyware Taken Down in Global Law Enforcement Operation

FluBot Android Spyware Taken Down in Global Law Enforcement Operation

Jun 01, 2022
An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called  FluBot . "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol  said  in a statement. The "complex investigation" included authorities from Australia, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, the Netherlands, and the U.S. FluBot , also called Cabassous, emerged in the wild in December 2020, masking its insidious intent behind the veneer of seemingly innocuous package tracking applications such as FedEx, DHL, and Correos.  It primarily spreads via smishing (aka SMS-based phishing) messages that trick unsuspecting recipients into clicking on a link to download the malware-laced apps. Once launched, the app would proceed to request access to Android...
YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

Jun 01, 2022
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called  YODA  that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology. "Attackers impersonated benign plugin authors and spread malware by distributing pirated plugins," the researchers  said  in a new paper titled " Mistrust Plugins You Must ." "The number of malicious plugins on websites has steadily increased over the years, and malicious activity peaked in March 2020. Shockingly, 94% of the malicious plugins installed over those 8 years are still active today." The large-scale research entailed analyzing WordPress plugins installed in 410,122 unique web servers dating all the way back to 2012...
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers

New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers

Jun 01, 2022
An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company Check Point  said . First spotted in the wild in October 2020, XLoader is a successor to Formbook and a  cross-platform information stealer  that's capable of plundering credentials from web browsers, capturing keystrokes and screenshots, and executing arbitrary commands and payloads. More recently, the  ongoing geopolitical conflict  between Russia and Ukraine has proved to be a lucrative fodder for  distributing XLoader  by means of  phishing emails  aimed at high-ranking government officials in Ukraine. The latest findings from Check P...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

Jun 01, 2022
An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new  zero-day flaw  in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint  said  in a tweet. "Campaigns impersonate the 'Women Empowerments Desk' of the Central Tibetan Administration and use the domain tibet-gov.web[.]app." TA413  is best known for its campaigns aimed at the Tibetan diaspora to deliver implants such as  Exile RAT  and  Sepulcher  as well as a rogue Firefox browser extension dubbed  FriarFox . The high-severity security flaw, dubbed Follina and tracked as CVE-2022-30190 (CVSS score: 7.8), relates to a case of remote code execution that abuses the "ms-msdt:" protocol URI scheme to execute arbitrary code...
Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise

Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise

May 31, 2022
An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF)," Dutch cybersecurity company ThreatFabric  said  in a report shared with The Hacker News. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines." Hydra ,  FluBot  (aka Cabassous),  Cerberus ,  Octo , and  ERMAC  accounted for the most active banking trojans based on the number of samples obser...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources